About 76,000 email addresses and roughly 4,000 passwords ended up on a publicly accessible server.

It is not uncommon for data breaches to be the result of programming errors – that is exactly what happened to Mozilla when a data sanitization process for the Mozilla Developer Network (MDN) failed and the email addresses and encrypted passwords of thousands of users ended up on a publicly accessible server.

A Mozilla web developer recognized sometime around July 21 that a data sanitization process – the act of completely wiping data from something – that began around June 23 was not going as smoothly as planned, according to a Friday post by Stormy Peters, director of developer relations with Mozilla, and Joe Stevensen, operations security manager with Mozilla.

“We had a script to remove all personal information and it failed,” Denelle Dixon-Thayer, senior vice president of business and legal affairs with Mozilla, told SCMagazine.com in a Monday email correspondence.

The incident resulted in the MDN email addresses of about 76,000 members being made available on a publicly accessible server, as well as roughly 4,000 encrypted passwords that were salted hashes, according to the post.

“While it is possible to decrypt the passwords [that were] leaked, it would be very difficult,” Dixon-Thayer said.

Mozilla has stopped the data sanitization process, Dixon-Thayer said. The database dump file has been removed from the publicly accessible server, the post indicates, and while Mozilla has not detected any malicious activity, the possibility that the file was accessed cannot be ruled out.

“The passwords that were leaked can no longer be used to log in to MDN,” Dixon-Thayer said. “We now use Persona to authenticate users. If users were using the same password on other websites, we encourage them to change those passwords and to use unique passwords for every account they have.”

On top of notifying users, Mozilla is also looking at ways to enhance its existing processes and procedures to reduce the chances of a similar incident happening again, according to the post.

Get SC Media delivered to your inbox

SC Media Featured White Paper of the Day

SC Media Newswire

SC Media Product/Industry Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.